On Tue, Apr 14, 2009 at 09:56:59AM +0200, Simon Josefsson wrote:
> Jeffrey Hutzelman <jhutz@xxxxxxx> writes:
> > I think you have to encode the type of channel to be used for this in
> > the mechanism name, so that it becomes part of the input to mechanism
> > selection. It would be poor for a client to select EXTERNAL-CHANNEL
> > thinking it's going to get to use credentials from one channel type,
> > only to discover that the server only supports some different type.
> > Unfortunately this does mean you need to register a distinct name for
> > each channel type, but I think that's unavoidable anyway. The thing
> > we're interested in here is a channel type, not a channel binding
> > type.
> I agree with that. I have re-read the discussion around
> external-channel-00 and it also leaned towards that approach.
> Thus, I believe the way forward is to define an EXTERNAL-* mechanism
> family and provide one instantiation as EXTERNAL-TLS.